BENGALURU · FULLTIME
BDO RISE is hiring - Network Penetration Tester - Senior/AM/Manager

BDO Rise
Bengaluru · onsite · Posted 3d ago
Sourced from
Undisclosed4–7 yrsfulltimeBengaluru
Your match
?
Sign in to see your match score, skill gaps & tailored resume.
Section · 01
About this role
Job Duties:
- Executes client penetration testing and vulnerability assessment engagements across external and internal networks, Active Directory, web applications, APIs, cloud platforms, and Microsoft 365, including reconnaissance, attack surface discovery, and service
- enumeration Uses offensive security tools and techniques to identify, validate, and demonstrate exploitability, including Kali Linux toolchain, Nessus/Tenable, Nmap, Burp Suite, Metasploit, and BloodHound, and validates exploitability end to end for High and Critical findings and when feasible for other findings.
- Performs authenticated testing when appropriate by coordinating access approvals, applying least privilege, safeguarding secrets, and confirming access removal or rotation at engagement close out.
- Performs web and API security testing using Burp Suite and related techniques, focusing on authentication, session management, access control, injection, insecure deserialization, and business logic, and documents reproducible steps and payloads for remediation and retesting
- Evaluates AI-enabled applications and LLM integrations for common risks (for example, prompt injection, sensitive data exposure, insecure output handling, and tool or function calling abuse) and provides practical mitigation guidance aligned to OWASP Top 10 for LLM Application
- Supports scoping and delivery under the direction of an assigned Project Manager by documenting objectives and rules of engagement, coordinating technical logistics with client teams, providing timely status updates across concurrent engagements, and ensuring testing is performed safely within approved scope
- For internal and Active Directory engagements, maps and demonstrates feasible attack paths, for example, using BloodHound or equivalent, including privilege escalation and lateral movement, validates root causes in configuration and permissions, and provides actionable remediation
- Maintains thorough, reproducible workpapers and evidence with appropriate data protection practices, participates in peer review and quality assurance, and escalates critical findings quickly to support timely mitigation
- Produces high-quality client deliverables, including test plans, technical reports, and executive readouts, with clear evidence, proof-of-exploit artifacts, risk ratings, reproduction steps, and prioritized remediation recommendations, and facilitates results discussions and remediation workshop
- Facilitates red team style engagements in collaboration with client SOC teams by coordinating deconfliction, leveraging SIEM telemetry to validate detection and response, and supporting threat hunting and purple team activities tied to observed attacker behavior
- Performs validation and retesting to confirm remediation effectiveness and documents retest results for client stakeholders
- Builds and maintains internal offensive security tooling, scripts, and reusable testing components, including automation and agent-based utilities, to improve assessment repeatability and quality. Contributes through Git workflows, pull requests, and code revie
Qualifications, Knowledge, Skills, and Abilities Education
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field, preferred (or equivalent experience
Experiene
- Four (4) or more years of hands-on penetration testing and security assessment experience (network, web, API, wireless, cloud, and/or Microsoft 365), including scoping, execution, reporting, and client presentations, required
- Demonstrated experience producing professional services deliverables (test plans, technical reports, executive summaries) and communicating complex technical issues to non-technical stakeholders, required
- Experience testing AI-enabled applications (including LLM-based features) and familiarity with emerging guidance such as OWASP Top 10 for LLM Applications, preferred
- Experience supporting social engineering assessments, such as phishing, vishing, baiting, and tailgating, preferred
- Strong fundamentals in Windows and Linux administration, TCP/IP networking, and DNS, required.
- Hands-on experience administering and troubleshooting Active Directory in enterprise environments, including users and groups, group policy, permissions, and DNS integration, plus foundational knowledge of authentication protocols and identity flows such as Kerberos, NTLM, SAML, OAuth 2.0, and OpenID Connect, required.
- Experience working with SIEM platforms and core SOC workflows, including basic threat hunting and alert triage to validate detections during red team or purple team activities, preferred
- Hands-on experience with scripting/automation and light tool development to improve testing efficiency and repeatability (e.g., Python, PowerShell, Bash), required
- DevOps and engineering fundamentals, including Git version control, pull request workflows, and exposure to CI/CD and containers (for example, GitHub Actions, Azure DevOps pipelines, Docker), preferred
- Experience conducting internal network and Active Directory penetration tests, including attack path mapping (for example, using BloodHound or equivalent), privilege escalation, lateral movement, and prioritized remediation guidance, preferred
- Three (3) or more years of experience supporting IT Penetration and Security projects such as PTES, OWASP, SANS, or other cyber security frameworks, preferred
- Experience working within a national consulting organization or professional services, prefer
Software
- Proficient in the use of Windows and Microsoft Office Suite, specifically Word, Excel, and PowerPoint, required.
- Proficient with offensive security and assessment toolsets (e.g., Kali Linux toolchain, Burp Suite, Metasploit, Nmap, Nessus/Tenable, and common AD assessment tooling such as BloodHound), including scan configuration/tuning, manual verification, and evidence collection, required.
- Familiarity with SIEM tooling and log investigation workflows (for example, Splunk and Microsoft Sentinel) to support validation of detection and response during engagements, preferred
- Proficient with Git-based source control and collaboration platforms (for example, GitHub), including branching, pull requests, and peer review, required
- Experience using AI-assisted development tools (for example, GitHub Copilot and Claude Code) to accelerate scripting and tool development, with the ability to use these tools responsibly without exposing client confidential data or sensitive credentials, preferred
- Experience with cloud platforms and identity/security services (e.g., Microsoft Azure and Microsoft 365) and the ability to script/automate tasks (e.g., Python, PowerShell, Bash), preferred
- Familiarity with AI/LLM security testing approaches and tooling (e.g., structured prompt testing, abuse-case libraries, and API-driven test harnesses) and the ability to use AI-assisted tooling responsibly without exposing client confidential data, preferred.
Sourced from linkedin · view original
Let the agent run this one for you.
Tailored resume, auto-apply, and referral lookup — in under 2 minutes.
Section · 02
Skills
PythonAPISplunkGITLinuxCi/CdDevopsDockerBashGithubAzure DevopsDNSActive DirectoryPenetration TestingPowershellMicrosoft AzureClaude CodeMicrosoft Office SuiteTCP/IPcloud platformsapisWindowssiemOWASPGithub CopilotTenableVulnerability AssessmentKerberosBurp SuiteKali LinuxMicrosoft 365SentinelSAMLnessusGithub ActionsOAuthweb applicationsMetasploitNmapAPI Security TestingOpenID ConnectLLM integrationsSANSPTESBloodhoundWeb Security TestingNTLMAI-enabled applicationsOWASP Top 10 for LLM Application
Section · Company
About BDO RISE Private Limited

BDO Rise
Accounting & Auditing
3.2k+
employees
2021
5 years old
Bangalore / Bengaluru, Karnataka
headquarters
₹15.2L PA avg
Avg at BDO RISE Private Limited
About
BDO RISE stands for round-the-clock international services for excellence providing exceptional client service in the global economy to BDO USA offering Assurance, Tax, Advisory and Digital practices.
Industries
Accounting & Auditing
Employee ratings
10 reviews
3.4/ 5
Culture
2.4
Career growth
2.2
Work-life
2.2
Employees rate it well for
Company Culture34Job Security34
Find them on